From 8ef57ebbdaeb70956e90a0f19160492e991d06c5 Mon Sep 17 00:00:00 2001
From: MORAWSKI Norbert <morawski@scigames.at>
Date: Fri, 20 Mar 2026 02:01:35 +0100
Subject: [PATCH] fix(cloud-init): handle missing keys and make sudo
 conditional

---
 roles/virtualization/templates/cloud-user-data.yml.j2 | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/roles/virtualization/templates/cloud-user-data.yml.j2 b/roles/virtualization/templates/cloud-user-data.yml.j2
index 471ef6a..25fbeb5 100644
--- a/roles/virtualization/templates/cloud-user-data.yml.j2
+++ b/roles/virtualization/templates/cloud-user-data.yml.j2
@@ -8,13 +8,14 @@ users:
   - name: "{{ user.name }}"
     primary_group: "{{ user.name }}"
     groups: users
+{% if user.sudo | default(false) | bool %}
     sudo: "ALL=(ALL) NOPASSWD:ALL"
+{% endif %}
     passwd: "{{ user.password | password_hash('sha512') }}"
     lock_passwd: false
-{% set ssh_keys = user['keys'] | default([]) %}
-{% if ssh_keys | length > 0 %}
+{% if 'keys' in user and user['keys'] is iterable and user['keys'] is not string and user['keys'] | length > 0 %}
     ssh_authorized_keys:
-{% for key in ssh_keys %}
+{% for key in user['keys'] %}
       - "{{ key }}"
 {% endfor %}
 {% endif %}